Container security

What’s new in Docker 1.3?

JAXenter Editorial Team
Container security man via Shutterstock

From better security to process injection – here are five reasons you’ll want to check out the latest release of Docker.

Docker has been causing quite a storm in the IT world since it first appeared last year. As the latest version 1.3 release of Docker brings plenty of interesting improvements, the Dockerisation storm of software development shows no sign of subsiding.

Here are the five main feature changes you’ll want to know about in version 1.3:

  1. Digital Signature Verification for checking Repos
  2. New flags for running docker-in-docker
  3. Manage container lifecycles
  4. Inject new processes inside the Docker container
  5. Shared directories on Mac OS X

Security first

The official repos where the community manage a pool of reusable images for Docker applications have been enhanced with a new security feature. Using a digital signature, the Docker Engine now automatically checks the source and integrity of official repos. The reason for this is that the high number of downloads in the official repos of the Docker hub registry.

There are further security enhancements, such as committer authentification and management by Public Key Infrastructure. Another significant security feature is the command line flag –security-opt, which allows users to add special SELinux and AppArmor labels and profiles. That means that on kernels supporting SELinux or AppArmor, security rules can be more precisely defined than using docker run –priveleged.

New commands

Using the newly introduced command docker exec via the Docker API and command line interface, processes can now be started within the active Docker container. This way, developers can access a running application, for instance to debug the container or add new devices.

Another added command is docker create, which creates a container – but unlike the previous docker run command, it doesn’t start the container immediately afterwards. By specifying tasks in this way, the user can fine-tune the life cycle of a container.


The particularly lightweight Linux distribution boot2docker is said to simplify the use of Docker on Mac OS X. But in terms of usability it still has some catching up to do. Version 1.3 addresses one of its functionality issues. Sharing directories between a Mac and the container is now no longer a problem. However, this new functionality is limited to the Virtualbox configuration of boot2docker and user directories.

45 developers contributed to Docker 1.3 with as many as 750 new commits. You can read up on all the specifics in the release notes and on the project’s GitHub page.

The rise of the container

Docker is an open-source project that has made it easy to create lightweight, portable containers for the encapsulation of any application. The goal is to use the advantages of virtual machines on Linux without the typical high use of resources.

The project won first prize in the category of “Most Innovative Open Technology” in the JAX Innovation Awards of 2014 and received venture capital funding of 4o million dollars this year.

Among those that have already adopted this technology are Rackspace, Baidu, Yandex, eBay, Spotify, opentable, cloudflare, mailgun, relateiq, rethinkdb, Gilt, Yelp and New Relic. Even the new Windows Server is said to be kitted out with Docker. According to Julien Barbier, the Community Manager at Docker, Inc., around 95% of the contributions to this project are not coming from inside of the company, but from the rapidly growing community.

Inline Feedbacks
View all comments